Questions tagged [flooding]

The flooding attack is used to overwhelm the server in some way for example using TCP SYN packets which reserves resources on the server for the connection or complete HTTP requests as executed by a bot net. It is closely related to DoS and DDoS attacks. Questions may be about preventing, detecting or even running (for testing purposes) such an attack.

60 questions
23
votes
3 answers

What is the purpose of using random IP addresses in SYN Flood Attack?

What is the purpose of using random IP addresses in SYN Flood Attack?
Henok Tesfaye
  • 427
  • 4
  • 10
16
votes
5 answers

Risks with Amazon S3 and costs

I have little security knowledge and looking at image hosting for a startup: Considering S3 doesn't allow you to set a cap on costs, how likely is it that someone could flood S3 with requests for my files and run up a considerable amount of…
going
  • 283
  • 2
  • 8
15
votes
6 answers

Google: "Unusual traffic from your computer network"

I often happen to receive the message: "Unusual traffic from your computer network" while googling in Russian speaking countries. Google explains this with: You may see "Our systems have detected unusual traffic from your computer network" if…
antonio
  • 845
  • 2
  • 8
  • 15
15
votes
4 answers

How to deal with this denial of service attack on an Apache server?

I was the target of different attacks today. The last one created this traffic on port 80. Apache is down and the load on server remains high. Firewall is enabled. Any suggestions? 15:27:10.203993 IP 188.125.110.42.38818 > 190.10.34.115.http: Flags…
antony
  • 309
  • 2
  • 8
13
votes
3 answers

What prevents me from launching an SYN-ACK flood using HTTP servers?

I've been studying networks lately and this issue came across my mind. What prevents me from sending a lot of SYN requests with source address of my (attack's) target and flooding the target's internet line with SYN-ACK packets? This gives me…
tensojka
  • 239
  • 2
  • 5
11
votes
3 answers

What are HTTP GET/POST flood attacks?

I want to know what the main differences are between HTTP GET and POST flood attacks and mitigation strategies for both. I searched a lot but I really can't find some good articles nor examples about these attacks.
user19775
  • 191
  • 2
  • 4
  • 9
10
votes
4 answers

How can I detect and block bots?

For example, if I am on stackoverflow and I refresh my page several times in a row, it starts to think I am a bot and blocks me. How can I build something like this into my own site?
JD Isaacks
  • 365
  • 2
  • 8
9
votes
1 answer

Cisco ASA SYN flood detection and response not working

I have a Cisco ASA 5510 (ASA Version 8.3(2)) that has been getting a syn flood attack on it (or more accurately through it - targeting a host behind it) a couple of times a day for the past few days. The Internet connection itself is decent and it…
bgp
  • 191
  • 1
  • 5
7
votes
2 answers

Why do ISPs allow faked source IP addresses?

Ok so apparently you can specify a source IP when doing a SYN request or something. Besides just asking why in the world that would even be allowed, I will move past that because I want to understand how these things work, like SYN floods. When a…
terikan
  • 71
  • 1
7
votes
3 answers

Stopping DDOS TCP SYN and UDP flood attacks

I would like to know if it's possible to stop a TCP SYN OR ICMP Flood attacks if these attacks are detected at time. What is the most accurate process to filter these addresses if the only way is to block the IP addresses of the botnet.
maya-bf
  • 73
  • 1
  • 1
  • 4
6
votes
5 answers

SYN Flooding issue

I recently purchased a server with "DDoS protection" and a 1gbps uplink. What I can't figure out, is that I'm suffering from SYN floods. Isn't the large amount of bandwidth available to me supposed to be able to nullify these attacks? Is there…
Tar
  • 347
  • 1
  • 4
  • 7
6
votes
1 answer

MAC overflow (flooding)

On a recent switch, is MAC flooding still a vulnerability to be careful of? If that attack is patched on most of them, then on which type of switch is it still vulnerable?
Bob Ebert
  • 246
  • 2
  • 11
5
votes
1 answer

Creating a DDoS attack using DirectConnect

I have been trying to hack around with Apex DirectConnect. What I wish to do is to utilize the querying nature of P2P apps like DC to generate a DDoS attack (see links for reference here, here and here). To quote from one of the references: These…
pnp
  • 1,818
  • 2
  • 26
  • 42
4
votes
4 answers

Mitigate resend confimartion email flooding

While writing server code for resend confirmation page something came to my mind: an attacker could make several requests to /resendemail?user=blah (example URL) and flood such user with registration emails (of course, as long as the user exists and…
Nacib Neme
  • 1,194
  • 2
  • 9
  • 11
4
votes
2 answers

UDP flood 300 Kbps + SYN probes / other attacks. Flood or DDoS at low rate?

So for over 2 weeks, Im receiving what appears a combination of attacks non-stop 24/7. First this UDP flood at a strangely small rate of 280 Kbps / 110 pps (360 bytes length) 02:29:41.978484 IP (tos 0x0, ttl 48, id 56020, offset 0, flags [DF], proto…
Jonas
  • 81
  • 3
1
2 3 4